US11863567B2ActiveUtilityA1

Management of bot detection in a content delivery network

82
Assignee: FASTLY INCPriority: Feb 4, 2020Filed: Feb 4, 2021Granted: Jan 2, 2024
Est. expiryFeb 4, 2040(~13.6 yrs left)· nominal 20-yr term from priority
Inventors:Christian Peron
H04L 67/5683H04L 67/5651H04L 63/1408H04L 63/10H04L 67/568H04L 2463/144H04L 63/1416H04L 63/0876H04L 63/1458H04L 67/1097
82
PatentIndex Score
2
Cited by
16
References
18
Claims

Abstract

Disclosed herein are systems, methods, and software for managing bot detection in a content delivery network (CDN). In one implementation, a cache node in a CDN may obtain a content request without a valid token for content not cached on the cache node and, in response to the content request, generate a synthetic response for the content request, wherein the synthetic response comprises a request for additional information from the end user device associated with the content request. The cache node further may obtain a response from the end user device and determine whether to satisfy the request based on whether the response from the end user device indicates that it is a bot.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method of operating a cache node in a content delivery network comprising:
 identifying a content request without a valid token for content not cached on the cache node; 
 in response to the content request, generating a synthetic response for the content request, wherein the synthetic response includes at least a request for a proof of work and fingerprinting attributes associated with an end user device that generated the content request, wherein the request for a proof of work comprises a problem to be solved by the end user device; 
 communicating the synthetic response to the end user device; 
 obtaining a response from the end user device to the synthetic response; 
 determining that the content request is associated with a bot based on the response; 
 in response to determining that the content request is associated with a bot, preventing a second content request to an origin server to obtain the content; 
 identifying a second content request without a valid token for second content not cached on the cache node; 
 in response to the second content request, generating a second synthetic response for the content request, wherein the second synthetic response includes at least a request for a proof of work and fingerprinting attributes associated with a second end user device that generated the second content request; 
 communicating the second synthetic response to the second end user device; 
 obtaining a second response from the second end user device to the second synthetic response; 
 determining that the second content request is not associated with a bot based on the response; and 
 in response to determining that the second content request is not associated with a bot:
 obtaining the second content from an origin server; and 
 providing the second content to the second end user device. 
 
 
     
     
       2. The method of  claim 1 , wherein the proof of work comprises a java script proof of work function. 
     
     
       3. The method of  claim 1 , wherein the fingerprinting attributes comprise a browser version, an IP address associated with the end user device, or an operating system version. 
     
     
       4. The method of  claim 1 , wherein determining that the content request is associated with a bot based on the response comprises:
 providing at least one of the fingerprinting attributes to at least one service, 
 obtaining an indication from the at least one service that the end user device comprises a bot; and 
 determining that the content request is associated with a bot based on the indication. 
 
     
     
       5. The method of  claim 1 , wherein determining that the content request is associated with a bot based on the response comprises:
 generating a score based on the fingerprinting attributes; 
 determining that the content request is associated with a bot based on the score satisfying at least one criterion. 
 
     
     
       6. The method of  claim 1  further comprising, in response to determining that the second content request is not associated with a bot:
 generating a token for the second end user device; and 
 providing the token to the second end user device. 
 
     
     
       7. The method of  claim 1  further comprising caching the second content in the cache node. 
     
     
       8. The method of  claim 1  further comprising:
 obtaining one or more bot preferences from a customer of the content delivery network, wherein the one or more bot preferences indicate at least at least one criterion associated with a bot; 
 generating a score based on the fingerprinting attributes; 
 determining that the content request is associated with a bot based on the score satisfying the at least one criterion. 
 
     
     
       9. A computing apparatus comprising:
 a storage system; 
 a processing system operatively coupled to the storage system; and 
 program instructions stored on the storage system to provide bot detection in a content delivery network that, when executed by the processing system, direct the processing system to:
 identify a content request without a valid token for content not cached on the cache node; 
 in response to the content request, generate a synthetic response for the content request, wherein the synthetic response includes at least a request for a proof of work and fingerprinting attributes associated with an end user device that generated the content request, wherein the request for a proof of work comprises a problem to be solved by the end user device; 
 communicate the synthetic response to the end user device; 
 obtain a response from the end user device to the synthetic response; 
 determine that the content request is associated with a bot based on the response; 
 in response to determining that the content request is associated with a bot, prevent a second content request to an origin server to obtain the content; 
 
 identify a second content request without a valid token for second content not cached on the cache node; 
 in response to the second content request, generate a second synthetic response for the content request, wherein the second synthetic response includes at least a request for a proof of work and fingerprinting attributes associated with a second end user device that generated the second content request; 
 obtain a second response from the second end user device to the second synthetic response; 
 determine that the second content request is not associated with a bot based on the response; and 
 in response to determining that the second content request is not associated with a bot:
 obtain the second content from an origin server; and 
 provide the second content to the second end user device. 
 
 
     
     
       10. The computing apparatus of  claim 9 , wherein the proof of work comprises a java script proof of work function. 
     
     
       11. The computing apparatus of  claim 9 , wherein the fingerprinting attributes comprise a browser version, an IP address associated with the end user device, or an operating system version. 
     
     
       12. The computing apparatus of  claim 9 , wherein determining that the content request is associated with a bot based on the response comprises:
 providing at least one of the fingerprinting attributes to at least one service, 
 obtaining an indication from the at least one service that the end user device comprises a bot; and 
 determining that the content request is associated with a bot based on the indication. 
 
     
     
       13. The computing apparatus of  claim 9 , wherein determining that the content request is associated with a bot based on the response comprises:
 generating a score based on the fingerprinting attributes; 
 determining that the content request is associated with a bot based on the score satisfying at least one criterion. 
 
     
     
       14. The computing apparatus of  claim 9 , wherein the program instructions further direct the processing system to, in response to determining that the second content request is not associated with a bot:
 generate a token for the second end user device; and 
 provide the token to the second end user device. 
 
     
     
       15. The computing apparatus of  claim 9 , wherein the program instructions further direct the processing system to cache the second content in the cache node. 
     
     
       16. The computing apparatus of  claim 9 , wherein the program instructions further direct the processing system to:
 obtain one or more bot preferences from a customer of the content delivery network, wherein the one or more bot preferences indicate at least at least one criterion associated with a bot; 
 generate a score based on the fingerprinting attributes; 
 determine that the content request is associated with a bot based on the score satisfying the at least one criterion. 
 
     
     
       17. A method comprising:
 identifying a content request without a valid token for content not cached on the cache node; 
 in response to the content request, generating a synthetic response for the content request, wherein the synthetic response includes at least a request for a proof of work and fingerprinting attributes associated with an end user device that generated the content request, wherein the request for a proof of work comprises a problem to be solved by the end user device; 
 obtaining a response from the end user device to the synthetic response; 
 determining whether the response satisfies at least one criterion defined by a customer of the content delivery network to indicate a bot; 
 when the response satisfies the at least one criterion, preventing a second content request to an origin server to obtain the content; and 
 when the response fails to satisfy the at least one criterion:
 obtaining the content from an origin server; and 
 providing the content to the end user device. 
 
 
     
     
       18. The method of  claim 17  further comprising:
 when the response fails to satisfy the at least one criterion:
 generating a token for the end user device; and 
 providing the token to the end user device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.